Compliance at Vossloh
Vossloh considers compliance to be conduct in line with all the applicable laws and internal guidelines. As a global enterprise with a 140-year history, Vossloh has a social responsibility toward its customers, partners, employees, investors and the public. This social responsibility involves Vossloh and all its employees adhering to the applicable laws, respecting basic ethical values and acting in an exemplary fashion at all times and in all situations in the course of their work.
The Executive Board of Vossloh AG has unequivocally summed up these principles in its Compliance Commitment, which states: “Compliance with the law has absolute priority over closing a deal or achieving internal targets. We would rather forgo a business opportunity than violate the law. We will not tolerate any violation of the law or of our internal guidelines and policies and will sanction any such behavior (zero tolerance policy).” The Executive Board of Vossloh AG has put a Compliance Management System in place for the Vossloh Group. The Vossloh Compliance Management System is designed to identify compliance violation risks and to minimize these risks in order to prevent Vossloh and its employees from incurring damage. Anti-corruption and the strict observance of antitrust regulations play a particularly important role.
Since 2007, the Vossloh Compliance Management System has been based on the Vossloh Code of Conduct, which stipulates the value of integrity and is mandatory for the entire Group and all employees. The Code of Conduct was comprehensively revised and enhanced in 2016. With this and the compliance guidelines, which apply equally throughout the Group, all the employees have a canon of rules that serves as a yardstick for their daily work and helps them make good and lawful decisions. The compliance rules are available in the Group’s main languages and have been distributed to all Vossloh Group employees around the world. Based on a compliance training concept, all employees receive regular training on compliance issues tailored to their target group. Vossloh has also established a compliance eLearning program for all employees with a computer workstation.
To implement and monitor compliance, the Executive Board established the Compliance Organization, stipulating its structure, responsibilities and tasks of the individual compliance positions, and their reporting channels in the “Rules of Procedure of the Compliance Organization.” The Vossloh Compliance Organization comprises the Chief Compliance Officer (supported by a Compliance Office), the Group Compliance Committee at Vossloh AG, Compliance Officers and Compliance Committees within the business units and Local Compliance Officers within the operating companies. The Chief Compliance Officer regularly reports to the Executive Board and Supervisory Board.
Vossloh set up a whistleblower hotline in partnership with an international law firm in order to uncover potential Compliance violations. The whistleblower hotline allows company employees and external whistleblowers to report possible misconduct to an independent external contact (ombudsperson). The whistleblower hotline has so far been set up for 24 countries. As such, the main regions and the languages spoken within the Vossloh Group are essentially covered. The Chief Compliance Officer follows up all reports and implements appropriate measures where necessary. The same applies to reports which employees can make internally, for example they can contact Vossloh AG's Compliance Office directly.
The Chief Compliance Officer and the Group Compliance Committee review continuously the Group-wide appropriateness and effectiveness of the Compliance Management System. Following the last review in 2017, the Executive Board decided to subject the Compliance Management System to another external review — in relation to the subsections of antitrust law and anti-corruption — in accordance with Assurance Standard 980 of the Institute of Public Auditors in Germany (IDW) (IDW AsS 980 as amended (2022)) in the fiscal year 2024, and once again commissioned KPMG AG Wirtschaftsprüfungsgesellschaft for this purpose after 2017. The audit was conducted as an effectiveness review and was completed in October 2025. KPMG confirmed in their audit report (convenience translation) that the Compliance Management System of the Vossloh Group was properly implemented and effective during the review period. Any findings and recommendations made for future Compliance work have been and will be implemented as part of the continuous development and improvement of the Vossloh Compliance Management System.
In addition, the Group Compliance Committee regularly performs incident-unrelated audits, usually with the assistance of external auditors. In order to check the adequacy and effectiveness of the Compliance Management System within the Group companies and to identify new or changed risks and any scope for improvement, at the end of the fiscal year 2024, a software-based risk assessment for all Group companies was introduced. This review is repeated annually.
If you have questions, suggestions or would like to make a notification with regard to the Vossloh Compliance Management System, please contact the Compliance Office of Vossloh AG:
Phone: +49 (0)2392 /52-723
E-Mail: compliance@vossloh.com